用Hibernate验证器进行验证
This guide covers how to use Hibernate Validator/Bean Validation for:
-
validating the input/output of your REST services;
-
validating the parameters and return values of the methods of your business services.
先决条件
完成这个指南,你需要:
-
大概15分钟
-
编辑器
-
JDK 17+ installed with
JAVA_HOME
configured appropriately -
Apache Maven 3.9.9
-
如果你愿意的话,还可以选择使用Quarkus CLI
-
如果你想构建原生可执行程序,可以选择安装Mandrel或者GraalVM,并正确配置(或者使用Docker在容器中进行构建)
应用结构
The application built in this guide is quite simple. The user fills a form on a web page.
The web page sends the form content to the BookResource
as JSON (using Ajax). The BookResource
validates the user input and returns the
result as JSON.
解决方案
我们建议您按照下一节的说明逐步创建应用程序。然而,您可以直接转到已完成的示例。
克隆 Git 仓库: git clone https://github.com/quarkusio/quarkus-quickstarts.git
,或下载一个 存档 。
The solution is located in the validation-quickstart
directory.
创建Maven项目
首先,我们需要一个新的工程项目。用以下命令创建一个新项目:
For Windows users:
-
If using cmd, (don’t use backward slash
\
and put everything on the same line) -
If using Powershell, wrap
-D
parameters in double quotes e.g."-DprojectArtifactId=validation-quickstart"
This command generates a Maven structure importing the Quarkus REST (formerly RESTEasy Reactive)/Jakarta REST, Jackson and Hibernate Validator/Bean Validation extensions.
If you already have your Quarkus project configured, you can add the hibernate-validator
extension
to your project by running the following command in your project base directory:
quarkus extension add hibernate-validator
./mvnw quarkus:add-extension -Dextensions='hibernate-validator'
./gradlew addExtension --extensions='hibernate-validator'
这会将以下内容添加到你的构建文件中:
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-hibernate-validator</artifactId>
</dependency>
implementation("io.quarkus:quarkus-hibernate-validator")
Constraints
In this application, we are going to test an elementary object, but we support complicated constraints and can validate graphs of objects.
Create the org.acme.validation.Book
class with the following content:
package org.acme.validation;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.Min;
public class Book {
@NotBlank(message="Title may not be blank")
public String title;
@NotBlank(message="Author may not be blank")
public String author;
@Min(message="Author has been very lazy", value=1)
public double pages;
}
Constraints are added on fields, and when an object is validated, the values are checked. The getter and setter methods are also used for JSON mapping.
JSON mapping and validation
Create the following REST resource as org.acme.validation.BookResource
:
package org.acme.validation;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.MediaType;
@Path("/books")
public class BookResource {
@Inject
Validator validator; (1)
@Path("/manual-validation")
@POST
public Result tryMeManualValidation(Book book) {
Set<ConstraintViolation<Book>> violations = validator.validate(book);
if (violations.isEmpty()) {
return new Result("Book is valid! It was validated by manual validation.");
} else {
return new Result(violations);
}
}
}
1 | The Validator instance is injected via CDI. |
Yes it does not compile, Result
is missing, but we will add it very soon.
The method parameter (book
) is created from the JSON payload automatically.
The method uses the Validator
instance to check the payload.
It returns a set of violations.
If this set is empty, it means the object is valid.
In case of failures, the messages are concatenated and sent back to the browser.
Let’s now create the Result
class as an inner class:
public static class Result {
Result(String message) {
this.success = true;
this.message = message;
}
Result(Set<? extends ConstraintViolation<?>> violations) {
this.success = false;
this.message = violations.stream()
.map(cv -> cv.getMessage())
.collect(Collectors.joining(", "));
}
private String message;
private boolean success;
public String getMessage() {
return message;
}
public boolean isSuccess() {
return success;
}
}
The class is very simple and only contains 2 fields and the associated getters and setters. Because we indicate that we produce JSON, the mapping to JSON is made automatically.
REST end point validation
While using the Validator
manually might be useful for some advanced usage,
if you simply want to validate the parameters or the return value or your REST end point,
you can annotate it directly, either with constraints (@NotNull
, @Digits
…)
or with @Valid
(which will cascade the validation to the bean).
Let’s create an end point validating the Book
provided in the request:
@Path("/end-point-method-validation")
@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
public Result tryMeEndPointMethodValidation(@Valid Book book) {
return new Result("Book is valid! It was validated by end point method validation.");
}
As you can see, we don’t have to manually validate the provided Book
anymore as it is automatically validated.
If a validation error is triggered, a violation report is generated and serialized as JSON as our end point produces a JSON output. It can be extracted and manipulated to display a proper error message.
An example of such a report could be:
{
"title": "Constraint Violation",
"status": 400,
"violations": [
{
"field": "tryMeEndPointMethodValidation.book.title",
"message": "Title cannot be blank"
}
]
}
This response is produced by Quarkus via a builtin implementation of jakarta.ws.rs.ext.ExceptionMapper
. If the application code needs to handle ValidationException
in some custom way,
it can provide an implementation of jakarta.ws.rs.ext.ExceptionMapper
like so:
import jakarta.validation.ValidationException;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.ext.ExceptionMapper;
import jakarta.ws.rs.ext.Provider;
@Provider
public class ResteasyReactiveViolationExceptionMapper implements ExceptionMapper<ValidationException> {
@Override
public Response toResponse(ValidationException exception) {
// TODO: implement
}
}
Service method validation
It might not always be handy to have the validation rules declared at the end point level as it could duplicate some business validation.
The best option is then to annotate a method of your business service with your constraints (or in our particular case with @Valid
):
package org.acme.validation;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.validation.Valid;
@ApplicationScoped
public class BookService {
public void validateBook(@Valid Book book) {
// your business logic here
}
}
Calling the service in your rest end point triggers the Book
validation automatically:
@Inject BookService bookService;
@Path("/service-method-validation")
@POST
public Result tryMeServiceMethodValidation(Book book) {
try {
bookService.validateBook(book);
return new Result("Book is valid! It was validated by service method validation.");
} catch (ConstraintViolationException e) {
return new Result(e.getConstraintViolations());
}
}
Note that, if you want to push the validation errors to the frontend, you have to catch the exception and push the information yourselves as they will not be automatically pushed to the JSON output.
Keep in mind that you usually don’t want to expose to the public the internals of your services - and especially not the validated value contained in the violation object.
A frontend
Now let’s add the simple web page to interact with our BookResource
.
Quarkus automatically serves static resources contained in the META-INF/resources
directory.
In the src/main/resources/META-INF/resources
directory, replace the index.html
file with the content from this index.html file in it.
运行应用程序
Now, let’s see our application in action. Run it with:
quarkus dev
./mvnw quarkus:dev
./gradlew --console=plain quarkusDev
Then, open your browser to http://localhost:8080/:
-
Enter the book details (valid or invalid)
-
Click on the Try me… buttons to check if your data is valid using one of the methods we presented above.
The application can be packaged using:
quarkus build
./mvnw install
./gradlew build
and executed using java -jar target/quarkus-app/quarkus-run.jar
.
您也可以用以下方法构建原生(native)可执行文件:
quarkus build --native
./mvnw install -Dnative
./gradlew build -Dquarkus.native.enabled=true
进一步探索
Hibernate Validator extension and CDI
The Hibernate Validator extension is tightly integrated with CDI.
Configuring the ValidatorFactory
Sometimes, you might need to configure the behavior of the ValidatorFactory
, for instance to use a specific ParameterNameProvider
.
While the ValidatorFactory
is instantiated by Quarkus itself,
you can very easily tweak it by declaring replacement beans that will be injected in the configuration.
If you create a bean of the following types in your application, it will automatically be injected into the ValidatorFactory
configuration:
-
jakarta.validation.ClockProvider
-
jakarta.validation.ConstraintValidator
-
jakarta.validation.ConstraintValidatorFactory
-
jakarta.validation.MessageInterpolator
-
jakarta.validation.ParameterNameProvider
-
jakarta.validation.TraversableResolver
-
org.hibernate.validator.spi.properties.GetterPropertySelectionStrategy
-
org.hibernate.validator.spi.nodenameprovider.PropertyNodeNameProvider
-
org.hibernate.validator.spi.scripting.ScriptEvaluatorFactory
You don’t have to wire anything.
Obviously, for each listed type, you can declare only one bean. Most of the time, these beans should be declared as However, in the case of |
If customizing the ValidatorFactory
through the available configuration properties and the CDI beans above doesn’t cover your requirements,
you can customize it further by registering ValidatorFactoryCustomizer
beans.
For instance, you could override the built-in validator enforcing the @Email
constraint and use MyEmailValidator
instead with the following class:
@ApplicationScoped
public class MyEmailValidatorFactoryCustomizer implements ValidatorFactoryCustomizer {
@Override
public void customize(BaseHibernateValidatorConfiguration<?> configuration) {
ConstraintMapping constraintMapping = configuration.createConstraintMapping();
constraintMapping
.constraintDefinition(Email.class)
.includeExistingValidators(false)
.validatedBy(MyEmailValidator.class);
configuration.addMapping(constraintMapping);
}
}
All beans implementing ValidatorFactoryCustomizer
are applied, meaning you can have several of them.
If you need to enforce some ordering, you can use the usual @jakarta.annotation.Priority
annotation - beans with higher priority are applied first.
Constraint validators as beans
You can declare your constraint validators as CDI beans:
@ApplicationScoped
public class MyConstraintValidator implements ConstraintValidator<MyConstraint, String> {
@Inject
MyService service;
@Override
public boolean isValid(String value, ConstraintValidatorContext context) {
if (value == null) {
return true;
}
return service.validate(value);
}
}
When initializing a constraint validator of a given type,
Quarkus will check if a bean of this type is available and, if so, it will use it instead of instantiating a ConstraintValidator
.
Thus, as demonstrated in our example, you can fully use injection in your constraint validator beans.
The scope you choose for your
|
Validation and localization
By default, constraint violation messages will be returned in the build system locale.
You can configure this behavior by adding the following configuration in your application.properties
:
# The default locale to use
quarkus.default-locale=fr-FR
If you are using Quarkus REST or RESTEasy Classic, in the context of a Jakarta REST endpoint,
Hibernate Validator will automatically resolve the optimal locale to use from the Accept-Language
HTTP header,
provided the supported locales have been properly specified in the application.properties
:
# The list of all the supported locales
quarkus.locales=en-US,es-ES,fr-FR
Alternatively, you can use all
to make native-image executable to include all available locales. It inflate the size of the executable
substantially though. The difference between including just two or three locales and including all locales is at least 23 MB.
A similar mechanism exists for GraphQL services based on the quarkus-smallrye-graphql
extension.
If this default mechanism is not sufficient and you need a custom locale resolution, you can add additional org.hibernate.validator.spi.messageinterpolation.LocaleResolver
s:
-
Any CDI bean implementing
org.hibernate.validator.spi.messageinterpolation.LocaleResolver
will be taken into account. -
The
LocaleResolver
s are consulted in the order of@Priority
(higher priority goes first). -
A
LocaleResolver
may return null if it cannot resolve the locale, it will then be ignored. -
The first non-null locale returned by a
LocaleResolver
is the one resolved.
Validation groups for REST endpoint or service method validation
It is sometimes necessary to enable different validation constraints for the same class when it’s passed to a different method.
For example, a Book
may need to have a null
identifier when passed to the post
method
(because the identifier will be generated),
but a non-null
identifier when passed to the put
method
(because the method needs the identifier to know what to update).
To address this, you can take advantage of validation groups. Validation groups are markers that you put on your constraints in order to enable or disable them at will.
First, define the Post
and Put
groups, which are just Java interfaces.
public interface ValidationGroups {
interface Post extends Default { (1)
}
interface Put extends Default { (1)
}
}
1 | Make the custom groups extend the Default group.
This means that whenever these groups are enabled, the Default group is also enabled.
This is useful if you have constraints that you want validated in both the Post and Put method:
you can simply use the default group on those constraints, like on the title property below. |
Then add the relevant constraints to Book
, assigning the right group to each constraint:
public class Book {
@Null(groups = ValidationGroups.Post.class)
@NotNull(groups = ValidationGroups.Put.class)
public Long id;
@NotBlank
public String title;
}
Finally, add a @ConvertGroup
annotation next to your @Valid
annotation in your validated method.
@Path("/")
@POST
@Consumes(MediaType.APPLICATION_JSON)
public void post(@Valid @ConvertGroup(to = ValidationGroups.Post.class) Book book) { (1)
// ...
}
@Path("/")
@PUT
@Consumes(MediaType.APPLICATION_JSON)
public void put(@Valid @ConvertGroup(to = ValidationGroups.Put.class) Book book) { (2)
// ...
}
1 | Enable the Post group, meaning only constraints assigned to the Post (and Default ) groups
will be validated for the book parameter of the post method.
In this case, it means Book.id must be null and Book.title must not be blank. |
2 | Enable the Put group, meaning only constraints assigned to the Put (and Default ) groups
will be validated for the book parameter of the put method.
In this case, it means Book.id must not be null and Book.title must not be blank. |
Limitations
META-INF/validation.xml
Configuring the ValidatorFactory
using a META-INF/validation.xml
file is NOT supported in Quarkus.
At the moment, Hibernate Validator does not expose an API to extract the information from this file so that we could register the appropriate classes for reflection.
To configure the ValidatorFactory
, use the exposed configuration properties and the CDI integration.
Consequently, the only way to define constraints in Quarkus is by annotating your classes.
ValidatorFactory and native executables
Quarkus provides a default ValidatorFactory
that you can customize using configuration properties.
This ValidatorFactory
is carefully initialized to support native executables
using a bootstrap that is Quarkus-specific.
Creating a ValidatorFactory
by yourself it not supported in native executables
and if you try to do so,
you will get an error similar to jakarta.validation.NoProviderFoundException: Unable to create a Configuration, because no
Jakarta Bean Validation provider could be found. Add a provider like Hibernate Validator (RI) to your
classpath.
when running your native executable.
Thus why you should always use the Quarkus-managed ValidatorFactory
by injecting an instance of
ValidatorFactory
or directly an instance of Validator
using CDI injection.
To support some external libraries that are creating a ValidatorFactory
using the default bootstrap,
Quarkus returns the ValidatorFactory
managed by Quarkus when Validation.buildDefaultValidatorFactory()
is called.
Hibernate Validator Configuration Reference
Configuration property fixed at build time - All other configuration properties are overridable at runtime
Configuration property |
类型 |
默认 |
---|---|---|
Enable the fail fast mode. When fail fast is enabled the validation will stop on the first constraint violation detected. Environment variable: Show more |
boolean |
|
类型 |
默认 |
|
Define whether overriding methods that override constraints should throw a See Section 4.5.5 of the JSR 380 specification, specifically
Environment variable: Show more |
boolean |
|
Define whether parallel methods that define constraints should throw a See Section 4.5.5 of the JSR 380 specification, specifically
Environment variable: Show more |
boolean |
|
Define whether more than one constraint on a return value may be marked for cascading validation are allowed. The default value is See Section 4.5.5 of the JSR 380 specification, specifically
Environment variable: Show more |
boolean |
|
类型 |
默认 |
|
Configure the Expression Language feature level for constraints, allowing the selection of Expression Language features available for message interpolation. This property only affects the EL feature level of "static" constraint violation messages set through the In particular, it doesn’t affect the default EL feature level for custom violations created programmatically in validator implementations. The feature level for those can only be configured directly in the validator implementation. Environment variable: Show more |
|
|